wireshark-dev October 2010 archive

[Wireshark-dev] how to get the dissected data for the tap listener

From: Zhao, Liang (US SSA) <Liang.Zhao_at_nospam>
Date: Wed Oct 27 2010 - 17:27:48 GMT
To: "wireshark-dev@wireshark.org" <wireshark-dev@wireshark.org>

Hi,

I'm trying to plot a data signal (for example, a custom-defined message ID in the data payload) using something similar to "IO Graphs". I used the Generic Dissector plug-in created by Olivier Aveline and I can successfully dissect the data payload. So I should have such data available somewhere. But I need your help to tell me where I can get it.

From my understanding, the tap_push_tapped_queue (in tap.c) will be called "after a packet has been fully dissected to push the tapped data to all extensions that has callbacks registered." Then the gtk_iostat_packet (in io_stat.c) is called with edt and pinfo holding the dissected package. However, when I look through them, I can only get the protocol level data but nothing further. I have the eth, ip, tcp, myprotocol. When I reach the myprotocol, node->first and node->next are NULL, so I cannot get the field level data. Can someone help me with this? I would like to get the detailed data just like proto_tree_write_node_pdml when I export packages to PDML.

Regards,

Liang
